UnHacked Episode 18: Cloud Security - What Business Owners Need to Know

Key Statistics

  • A recent study of 600 organizations showed that 95% had experienced a cloud-related breach
  • The average person uses 20+ cloud services

Main Topics Discussed

Evolution of Security

  • Past security focused primarily on:
      • Antivirus software
      • Firewalls
      • Physical backups
      • Geographic/physical infrastructure protection
  • Current security landscape involves:
      • Multiple cloud services
      • Remote work environments
      • Personal devices
      • No defined network perimeter
      • Infinite attack surfaces

Critical Areas Business Owners Must Address

Service Identification

  • Microsoft 365 (Email, SharePoint, OneDrive)
  • Accounting software
  • HR management systems
  • File sharing services (Dropbox, Box, Google Drive)
  • CRM systems
  • Third-party applications

Data Location and Access

  • Understanding where data is stored (geographic locations)
  • Compliance requirements (e.g., CMMC requiring U.S.-based storage)
  • Access control management
  • Regular access reviews
  • Single Sign-On implementation

User Protection

  • Regular security training
  • Phishing awareness
  • Acceptable use policies
  • Shadow IT monitoring
  • Behavioral pattern monitoring

Business Continuity

  • Backup strategies
  • Service outage plans
  • Alternative access methods
  • Critical service prioritization

Key Takeaways

Security Responsibility

  • Business owners cannot delegate complete responsibility for security
  • Security is a shared model between business owners, IT providers, and users
  • Cloud providers are responsible for infrastructure, but businesses are responsible for their data

Free Services Warning

  • "If you are using a product that is free of charge, you are the product"
  • Free services often involve privacy and security trade-offs
  • Business data should not be stored on personal free accounts

Documentation Requirements

  • Maintain inventory of all cloud services
  • Document data storage locations
  • Track user access permissions
  • Create off-boarding procedures
  • Develop incident response plans

Security Culture

  • Security must be integrated into company culture
  • Regular training and testing required
  • Security is as important as finances for business survival

Recommendations for Business Owners

  1. Create a comprehensive inventory of cloud services and data locations
  2. Implement regular security assessments
  3. Establish clear security policies and procedures
  4. Conduct regular security training
  5. Work with trusted IT partners while maintaining oversight
  6. Plan for service outages and data loss scenarios
  7. Implement Single Sign-On where possible
  8. Review access permissions regularly
  9. Consider security as a continuous journey, not a destination

Notable Quote

  • "If you are not watching where cybersecurity is concerned, if you are not watching this like a hawk, if you are not creating a company culture around cybersecurity and protecting your organization and your assets and your data, then you will not survive as a business."